IBM Business Process Manager Unspecified Security Vulnerability

Bugtraq ID:	58541
Class:	Unknown
CVE:
Remote:	Yes
Local:	No
Published:	Mar 15 2013 12:00AM
Updated:	Mar 15 2013 12:00AM
Credit:	IBM
Vulnerable:
Not Vulnerable:

IBM Business Process Manager CVE-2013-0581 Multiple Cross Site Scripting Vulnerabilities

IBM Business Process Manager is prone to multiple cross-site scripting vulnerabilities; fixes are available.

An attacker may leverage these issues to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

IBM Business Process Manager versions 7.5.1, 8.0, and 8.0.1 are vulnerable.

IBM Business Process Manager CVE-2013-0581 Multiple Cross Site Scripting Vulnerabilities

Attackers can exploit these issues by enticing an unsuspecting victim into following a malicious URI.

IBM Business Process Manager CVE-2013-0581 Multiple Cross Site Scripting Vulnerabilities

Solution:
Updates are available. Please see the references or vendor advisory for more information.

IBM Business Process Manager CVE-2013-0581 Multiple Cross Site Scripting Vulnerabilities

References: